CVE-2026-25681 - Medium Severity Vulnerability
Vulnerable Library - golang.org/x/net-v0.47.0
Library home page: https://proxy.golang.org/golang.org/x/net/@v/v0.47.0.zip
Path to dependency file: /OPENAPI-REST-API/openapi-client/terraform-provider/go.mod
Path to vulnerable library: /home/wss-scanner/go/pkg/mod/cache/download/golang.org/x/net/@v/v0.47.0.mod
Dependency Hierarchy:
- github.com/hashicorp/terraform-plugin-framework-v1.17.0 (Root Library)
  - github.com/hashicorp/terraform-plugin-go-v0.29.0
    - github.com/hashicorp/terraform-registry-address-v0.4.0
      - ❌ golang.org/x/net-v0.47.0 (Vulnerable Library)
Found in HEAD commit: 1f70e2feccb7006c8d32cc7d4fe62f5cf5e5c34d
Found in base branch: master
Vulnerability Details
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
Publish Date: 2026-05-22
URL: CVE-2026-25681
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://pkg.go.dev/vuln/GO-2026-5029
Release Date: 2026-05-22
Fix Resolution: golang.org/x/net - v0.55.0, https://github.com/golang/net.git - v0.55.0